Lucene search
+L

42 matches found

nvd
nvd
added 2026/06/26 12:16 a.m.11 views

CVE-2026-43920

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS0.00545EPSS
Exploits0References2
cve
cve
added 2026/06/25 11:6 p.m.23 views

CVE-2026-43920

CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...

6.9CVSS6AI score0.00545EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/25 11:6 p.m.38 views

CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS0.00545EPSS
Exploits0References2
osv
osv
added 2026/06/25 11:6 p.m.1 views

CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS6.2AI score0.00545EPSS
Exploits0References4
packetstormnews
packetstormnews
added 2026/05/17 12:0 a.m.20 views

ContraFix: Agentic Vulnerability Repair Via Differential Runtime Evidence and Skill Reuse

Large language model LLM agents are increasingly used for automated vulnerability repair AVR, where repository-level reasoning enables them to inspect context and produce source-code patches. However, recent empirical results show that these agents still struggle with real-world vulnerabilities...

5.9AI score
Exploits0
cnnvd
cnnvd
added 2026/03/04 12:0 a.m.7 views

App Auto-Patch 安全漏洞

App Auto-Patch is an open-source tool developed by App Auto-Patch for automating the patching of Mac applications. Version 3.4.2 of App Auto-Patch contains a security vulnerability, which stems from insecure permissions, potentially allowing attackers to write arbitrary files...

7.8CVSS5.9AI score0.00216EPSS
Exploits2References4
githubexploit
githubexploit
added 2025/12/06 1:30 p.m.155 views

Exploit for Deserialization of Untrusted Data in Facebook React

Next.js RCE Patcher CVE-2025-55182 A simple, automated tool...

10CVSS7.8AI score0.99562EPSS
Exploits375
redhatcve
redhatcve
added 2025/11/18 12:11 a.m.22 views

CVE-2025-63917

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

7.1CVSS7.1AI score0.00387EPSS
Exploits1References1
osv
osv
added 2025/11/17 5:15 p.m.5 views

CVE-2025-63917

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

7.1CVSS5.9AI score0.00387EPSS
Exploits1References3
nvd
nvd
added 2025/11/17 5:15 p.m.10 views

CVE-2025-63918

PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...

6.2CVSS0.0039EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/11/17 12:0 a.m.2 views

CVE-2025-63918

PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...

6.8AI score0.0039EPSS
Exploits1References3
cvelist
cvelist
added 2025/11/17 12:0 a.m.10 views

CVE-2025-63918

PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...

0.0039EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2025/11/17 12:0 a.m.4 views

CVE-2025-63917

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

6.7AI score0.00387EPSS
Exploits1References3
cvelist
cvelist
added 2025/11/17 12:0 a.m.11 views

CVE-2025-63917

PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...

0.00387EPSS
Exploits1References3
cve
cve
added 2025/11/17 12:0 a.m.15 views

CVE-2025-63918

CVE-2025-63918 affects the PDFPatcher executable. The root cause is insufficient validation of user-supplied file paths, enabling directory traversal attacks that allow attackers to upload arbitrary files to arbitrary locations. The entry notes a local attack vector with low complexity and high i...

6.2CVSS6.8AI score0.0039EPSS
Exploits1References3Affected Software1
vulnersosv
vulnersosv
added 2025/08/14 6:52 p.m.6 views

formii (=1.0.0), html-patcher-stream (>=1.0.0 <=1.1.0) +1 more potentially affected by unknown CVE via html-patcher (>=0.0.3 <=0.1.0)

html-patcher NPM version =0.0.3, =1.0.0, =0.1.0, =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-22751...

5.8AI score
Exploits0
ossf
ossf
added 2025/08/14 6:52 p.m.5 views

Malicious code in html-patcher (npm)

The package html-patcher was found to contain malicious code...

7AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.3 views

MAL-2025-22751 Malicious code in html-patcher (npm)

The package html-patcher was found to contain malicious code...

7.2AI score
Exploits0
ossf
ossf
added 2025/08/14 6:52 p.m.5 views

Malicious code in solara-patcher-legacy (npm)

The package solara-patcher-legacy was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
osv
osv
added 2025/08/14 6:52 p.m.5 views

MAL-2025-33626 Malicious code in solara-patcher-legacy (npm)

The package solara-patcher-legacy was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...

7AI score
Exploits0
Rows per page
Query Builder